Unicorn Internet Explorer bug exploitation spotted

Pro
(Source: Stockfresh)

21 November 2014

Researchers at security company ESET have identified the first proof-of-concept showing the “Unicorn Bug” in action. The bug affects all versions of Internet Explorer, from version 3 to 11.

Having lain undiscovered for nearly 20 years, the bug has had a patch issued by Microsoft, but users of Internet Explorer, especially a version that may be part of a corporate standard image, have been warned to ensure that they have up to date protection, if not the specific patch installed.

According to ESET, the vulnerability can not only be used by an attacker to run arbitrary code on a remote machine, but it can also bypass the Enhanced Protected Mode sandbox in IE11 as well as Microsoft’s free anti-exploitation tool, the Enhanced Mitigation Experience Toolkit.

The Unicorn bug can be exploited when users of affected version of Internet Explorer that do not have the patch installed, or sufficient third party protections, visit a specifically crafted web site, said ESET.

A full report is available on the ESET Ireland blog.

 

 

TechCentral Reporters

Read More:


Back to Top ↑

TechCentral.ie